Tuesday 20 September 2022

Uber hacked by LAPSUS$ in widespread attack

Last Thursday evening Uber suffered a significant cyber breach, for which it now believes the hacking group LAPSUS$ to be responsible. The attack forced the company to temporarily shut down some internal systems and, though the impact seems to have been minimal, the breach was widespread, ranging across multiple systems and applications.

It’s believed that the attacker purchased a contractor’s Uber corporate password on the dark web, after their personal device had been infected with malware. They then used a multi-factor authentication (MFA) fatigue attack where the contractor was flooded with two-factor authentication (2FA) login requests until one of them was accepted.

The LAPSUS$ group typically uses similar techniques to target technology companies, and in 2022 alone has breached Microsoft, Cisco, Samsung, Nvidia and Okta, among others. There are also reports over the weekend that this same actor breached video game maker Rockstar Games.

The attacker accessed several other employee accounts, which ultimately gave them elevated permissions to a number of tools, including G-Suite and Slack, as well as a range of internal systems including sales data and the HackerOne dashboard, where security researchers report bugs and vulnerabilities. In a strange twist, the hacker then posted a message to a company-wide Slack channel, announcing themselves and the data breach.

Uber has said that its public-facing systems were not affected and that the databases it uses to store sensitive user data, such as bank details and trip history, were not violated. Nor had the attacker altered the software code underlying its app and services.

It’s an extremely common misconception that MFA (push/touch/mobile) prevents social engineering. Although it can protect against an attacker who only has the victim's credentials, it is commonly still vulnerable to attacks such as that experienced by Uber. Mitigating such attacks can be hard, but some steps can be taken: using "phishing-resistant" forms of MFA such as FIDO2, implementing safeguards such as locking out users after repeated failed MFA attempts, and applying zero trust principles, limiting user access to only the applications and systems that are required.
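As an added illustration (not from Uber or any vendor), the lockout safeguard mentioned above can be sketched as a check over MFA push logs that locks a user after repeated denied or timed-out prompts and flags any approval that follows. The event format, user names, 10-minute window and threshold of three are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed sliding window
MAX_FAILED = 3                  # assumed number of failed pushes before lockout

# Constructed sample events: (ISO timestamp, user, push result)
SAMPLE_EVENTS = [
    ("2022-09-15T09:00:00", "employee3", "denied"),
    ("2022-09-15T18:00:05", "contractor1", "timeout"),
    ("2022-09-15T18:01:10", "contractor1", "denied"),
    ("2022-09-15T18:02:30", "contractor1", "denied"),
    ("2022-09-15T18:03:45", "contractor1", "approved"),
    ("2022-09-15T18:04:00", "employee2", "approved"),
    ("2022-09-15T18:30:00", "employee3", "approved"),
]

def review_push_events(events, window=WINDOW, max_failed=MAX_FAILED):
    """Return (locked_users, suspicious_approvals).

    A user is locked once max_failed pushes are denied or time out inside
    the window. An approval arriving for a locked user is reported instead
    of being honoured; in this sketch the lock stays until manually reset.
    """
    failures = defaultdict(deque)   # user -> timestamps of recent failures
    locked, suspicious = set(), []
    for ts, user, result in sorted(events):
        now = datetime.fromisoformat(ts)
        recent = failures[user]
        while recent and now - recent[0] > window:
            recent.popleft()        # forget failures older than the window
        if result in ("denied", "timeout"):
            recent.append(now)
            if len(recent) >= max_failed:
                locked.add(user)
        elif result == "approved":
            if user in locked:
                suspicious.append((ts, user, len(recent)))
            else:
                recent.clear()      # a normal login resets the counter
    return locked, suspicious

if __name__ == "__main__":
    print(review_push_events(SAMPLE_EVENTS))
```
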

Posted by: Simon Baxter at 09:08

Tags: cybersecurity  


© TechMarketView LLP 2007-2022: Unauthorised reproduction prohibited see full Terms and Conditions.